Open reddz0 opened 4 years ago
Line 204 of handler.php echoes the "type" query string parameter ($_GET[type]) to the user agent. This is a potential XSS attack vector. Changing this line to not echo the input would be preferred.
How to reproduce:
http:\[siteurl]\handler.php?type=
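Added example, not part of the original issue and not the project's code: the echo pattern the report describes next to two hardened forms, one that never writes the input back (the fix the report prefers) and one that HTML-encodes it if it has to be shown. The function names, the message strings and the `ALLOWED_TYPES` list are assumptions, since line 204 of handler.php is not shown in the issue.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list; the real set of valid "type" values is not in the issue.
const ALLOWED_TYPES = ['image', 'file', 'avatar'];

/** The pattern the issue describes: request data written straight into the response. */
function unsafe_message(array $query): string
{
    return 'Unknown type: ' . ($query['type'] ?? '');
}

/** Preferred fix from the issue: validate the input and never echo it back. */
function safe_message(array $query): string
{
    $type = $query['type'] ?? null;
    // ?type[]=x arrives as an array, so reject anything that is not a string.
    if (!is_string($type) || !in_array($type, ALLOWED_TYPES, true)) {
        return 'Unknown type.';
    }
    return 'Type: ' . $type; // safe: the value equals one of our own constants
}

/** If the value must be displayed, encode it for the HTML body context first. */
function encoded_message(array $query): string
{
    $type = $query['type'] ?? '';
    if (!is_string($type)) {
        $type = '';
    }
    return 'Unknown type: ' . htmlspecialchars($type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['type' => 'image'],
    ['type' => '<i>constructed</i>'],
    ['type' => ['nested']],
    [],
];
foreach ($samples as $q) {
    echo json_encode($q), "\n";
    echo '  safe:    ', safe_message($q), "\n";
    echo '  encoded: ', encoded_message($q), "\n";
}
// For the markup sample, unsafe_message() returns the tags unchanged,
// which is what lets a browser interpret them.
echo unsafe_message($samples[1]), "\n";
```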